SOPlanning Privilege Escalation Vulnerability in User Management

Vulnerability

A privilege escalation vulnerability has been identified in SOPlanning, affecting all versions prior to 1.55. The issue arises in the user management tab, where users with the 'user_manage_team' role can modify permissions of other users. These users are able to assign administrative rights to any user, including themselves, thereby escalating their privileges. This vulnerability impacts both the Bulk Update functionality and the regular editing of user rights and privileges.

Impact

Exploitation of this vulnerability allows authenticated users with the 'user_manage_team' role to gain administrative privileges, including the ability to assign such rights to themselves.

Remediation

Users can update to SOPlanning version 1.55 or later to address this vulnerability.
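
One way to enforce the rule this advisory implies, that a user editing rights may not change any right they do not hold themselves, on both the single-edit and Bulk Update paths. This Python example is added here and is not SOPlanning's code or its 1.55 fix; only 'user_manage_team' comes from the advisory, while the 'admin' right name, the function names and the sample users are assumptions.

```python
MANAGE_TEAM = "user_manage_team"  # role named in the advisory
ADMIN = "admin"                   # hypothetical name for the administrative right
MANAGER_RIGHTS = frozenset({MANAGE_TEAM, ADMIN})


class Forbidden(Exception):
    """Raised when a rights change exceeds the actor's own authority."""


def authorize_rights_change(actor_rights, current_rights, requested_rights):
    """Return the rights to store for the target, or raise Forbidden.

    An actor may only add or remove rights that the actor already holds,
    so a team manager can neither grant nor revoke the admin right.
    """
    actor = frozenset(actor_rights)
    if not actor & MANAGER_RIGHTS:
        raise Forbidden("actor may not edit user rights")
    requested = frozenset(requested_rights)
    changed = frozenset(current_rights) ^ requested  # rights added or removed
    not_held = changed - actor
    if not_held:
        raise Forbidden("actor does not hold: " + ", ".join(sorted(not_held)))
    return requested


def edit_user(users, actor_id, target_id, requested_rights):
    """Single-user edit path (the target may be the actor)."""
    users[target_id] = authorize_rights_change(
        users[actor_id], users[target_id], requested_rights)


def bulk_update(users, actor_id, target_ids, rights_to_add):
    """Bulk path: check every target first so a rejected batch writes nothing."""
    add = frozenset(rights_to_add)
    checked = {t: authorize_rights_change(users[actor_id], users[t], users[t] | add)
               for t in target_ids}
    users.update(checked)


def sample_users():
    """Constructed sample data, not SOPlanning's schema."""
    return {"manager": frozenset({MANAGE_TEAM}),
            "member": frozenset(),
            "root": frozenset({MANAGE_TEAM, ADMIN})}
```

Routing both entry points through the same function keeps the bulk path from drifting away from the single-edit check.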

Added: Nov 20, 2025, 4:19 PM
Updated: Nov 20, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.